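# Authorization rules for User records, expressed with CanCan.
#
# Rules are additive: a later `can` never narrows an earlier one, so the
# baseline `can :read, User` below applies to every signed-in user no matter
# which branch follows.
#
# NOTE(review): these rules gate actions, not attributes. Confirm that the
# code handling :update does not let a supervisor or organization admin change
# privilege-bearing fields such as squadron_admin, organization_admin or
# organization.
class Ability
  include CanCan::Ability

  # Builds the permission set for +user+.
  #
  # @param user [User, nil] the account the request runs as; nil means there
  #   is no signed-in user.
  def initialize(user)
    # Fail closed: with no signed-in user, define no rules at all rather than
    # raising NoMethodError on the role checks below.
    return if user.nil?

    # Every signed-in user may read every User record.
    can :read, User

    # Supervisors may additionally update the users they supervise.
    # CanCan evaluates a block only when a record instance is passed; a check
    # against the User class itself skips the block and is allowed.
    can [:read, :update], User do |other_user|
      user.supervises?(other_user)
    end

    if user.squadron_admin
      # Squadron admins have unrestricted access to User records.
      can :manage, User
    elsif user.organization_admin
      # Org admins can only manage users within their own organization.
      # An admin without an organization matches nobody: otherwise nil == nil
      # would put every organization-less user in scope.
      # For :create, authorize the built record rather than the User class,
      # because a class-level check does not run this block.
      can [:create, :read, :update], User do |other_user|
        own_org = user.organization
        !own_org.nil? && other_user.organization == own_org
      end
    end
  end
end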
